Mushfique Khan
asked on
wordpress admin password
Hi, some company designed my site in wordpress, would like to extract wp-admin password, don't want to reset it, but use the same as the designer created.
Is there any way to get the current/existing wp-admin password ... I don't want to reset it but rather use the same, as done by the designer.
I've cpanel access.
Please assist/advise.
Regards
MK
Is there any way to get the current/existing wp-admin password ... I don't want to reset it but rather use the same, as done by the designer.
I've cpanel access.
Please assist/advise.
Regards
MK
Is the login saved in your web browser and you just don't know what it is? If so I have a way you can view it.
ASKER
can't I decrypt that hash value? ... no way at all?
ASKER
@Chris Swinney ... no its not saved
ASKER
Chris Swinney ... please share, how to view that password, I've cpanel access can see, also there are 3 dbs under phpMyAdmin, how to figure out, which one is the one I'm accessing?
You cannot decrypt a hash. WordPress uses salted hashes so you can't use a hash lookup table either. Your only option is to reset it. This security model is designed specifically to prevent hackers from being able to steal passwords if they were able to access the database (e.g. via SQL injection).
What version of WordPress?
Theoretically you can decrypt anything, given sufficient time + money + computing power.
So years of CPU time on a massive multi-core machine... Well, maybe months if you get lucky + the person used a password with some type of dictionary words. If they used a random 16 or 32 byte initial password to encrypt... well, the sun might go nova before you crack it.
If you have the unlimited time + money, search for cracking MD5 encrypted passwords.
Likely you'll require setting up a foundation, which can be run by your children, grandchildren, on + on, till password is cracked, sometime in the future when robots rule the world. :)
https://tipstrickshack.blo gspot.com/ 2012/11/ho w-to-crack -md5-hash- in-ubuntu_ 17.html is one starting point. Likely you'd take this code. Run this code on a multi-core machine with hyperthreading under a job queue system to saturate/use all cores.
So years of CPU time on a massive multi-core machine... Well, maybe months if you get lucky + the person used a password with some type of dictionary words. If they used a random 16 or 32 byte initial password to encrypt... well, the sun might go nova before you crack it.
If you have the unlimited time + money, search for cracking MD5 encrypted passwords.
Likely you'll require setting up a foundation, which can be run by your children, grandchildren, on + on, till password is cracked, sometime in the future when robots rule the world. :)
https://tipstrickshack.blo
If it is an MD5 hash such as in pre v2.5, yes, reasonably easy to crack (why I asked about the version). After v2.5 salted hashes were added and it is extremely unlike that this will be crack, at least not in the time that would be useful to OP.
For those of us, who may touch 100s of WordPress sites in a day, this entire questions seems odd.
For example, most of my clients are generating massive amounts of cash + the last thing on their mind is some random password.
In fact, many of my clients require both Salts to be reset periodically + all user's passwords expired periodically, so every person, including admins + designers are forced to reset their password periodically.
I have other clients who require specialized iptables code which tracks logins + once a successful login occurs, the IP + user are pinned together for some time period, like an hour, where no other logins from any other IPs for a user are required.
After reading your initial question again, it occurs to me that a single account (user/pass) is being shared between many people.
I suppose this is fine for a hobby site.
For a production site, each person best have their own user/pass, so logging can be run on the site tracking who's doing what.
Sharing logins is a nightmare for security + determining who really changed what on a site.
For example, most of my clients are generating massive amounts of cash + the last thing on their mind is some random password.
In fact, many of my clients require both Salts to be reset periodically + all user's passwords expired periodically, so every person, including admins + designers are forced to reset their password periodically.
I have other clients who require specialized iptables code which tracks logins + once a successful login occurs, the IP + user are pinned together for some time period, like an hour, where no other logins from any other IPs for a user are required.
After reading your initial question again, it occurs to me that a single account (user/pass) is being shared between many people.
I suppose this is fine for a hobby site.
For a production site, each person best have their own user/pass, so logging can be run on the site tracking who's doing what.
Sharing logins is a nightmare for security + determining who really changed what on a site.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
fix it myself ... ;)
If you reset your admin password, this will take a few seconds.
By hash, I mean the encrypted form of your password, which will be a hash (arbitrary string of characters).